Author
Topic: Question on OpenVPN assigned to interface but DHCP not working (Read 405 times)

first time poster here. Been using OPNSense for a couple of months now and I'm very happy with it.

I had my install setup with WAN and LAN assigned to different interfaces. Have been running OpenVPN since my start with OPNSense as well, but up until now that was not assigned to an interface. Only in the firewall section there appeared an OpenVPN subsection to setup required rules. Worked fine for me.

But recently I setup a DMZ with its own interface as well and that let me to the point where I started wondering if I could assign OpenVPN its own interface and what benefits that might give me.

I have since then assigned OpenVPN its own interface ('VPN'), firewall rules are switched over to that interface, all is still working. But then I tried to setup DHCP for the VPN interface just as I did for LAN and DMZ.

But when I login through VPN I still receive the same 'virtual IP' that I was getting before I assigned OpenVPN its own interface. I know this is not from the DHCP server since it is an IP that is outside of the range I assigned there.

When I go through the DHCP logs, there was an error there but I don't understand it."dhcpd: bad range, address XXX.XXX.0.2 not in subnet XXX.XXX.0.1 netmask 255.255.255.255"

In the DHCP for the VPN interface I have NOT setup a subnet XXX.XXX.0.1! Even more, that is not even possible, it will always be XXX.XXX.0.0 by default and it cannot be changed in the GUI.

The VPN client still gets the 'old' virtual IP, VPN still works so nothing is really 'broken'. But if DHCP is not working like I want it too, I don't see any benefit in assigning a specific interface to OpenVPN.

Did some Googling on my own, but still haven't been able to figure it out. So far I stumbled upon two areas where I might find a solution, but before I dive into either of them I would like to understand what's going on.1) VPN > Servers > Edit server > Client settings > TopologyIn the explanation it says: "Relevant when supplying a virtual adapter IP address to clients when using tun mode on IPv4." That indeed applies to me, but if I tick that box then DHCP gives an error: "dhcpd: Unsupported device type 23 for "ovpns1"".2) Switch from TUN mode to TAP mode. But in my case I cannot see why that would be necessary. TUN mode should be fine.

Anyone here that can point me in the right direction as to why my setup isn't working and what could be a solution? I hope I have given enough information on my setup. If not, then please request what else is needed to answer and I will supply the info.

Any help is much appreciated, hoping to learn a thing or two in the process Thank you in advance, best regards,Joris.